Date: Wed, 1 Feb 2017 11:56:16 +0100
From: Hanno Böck <>
Subject: Multiple memory access issues in gstreamer


gstreamer 1.10.3 got released, from the release notes:
"Various fixes for crashes, assertions, deadlocks and memory leaks on
fuzzed input files and in other situations"

Here they are (at least the ones I reported):
gst-plugins-good/aacparse: invalid memory read in
gst-plugins-good/qtdemux: out of bounds read in qtdemux_tag_add_str_full
gst-plugins-base/riff-media: floating point exception in
gstreamer core/datetime: out of bounds read in
gst-plugins-base/riff: stack overflow in gst_riff_create_audio_caps
gst-plugins-good/qtdemux: out of bounds heap read in
gst-plugins-good/avidemux: gst_avi_demux_parse_ncdt heap out of bounds
gst-plugins-base/samiparse: heap oob in html_context_handle_element
gst-plugins-bad/mxfdemux: use after free in gst_mini_object_unref /
gst_tag_list_unref / gst_mxf_demux_update_essence_tracks
gst-plugins-base: floating point exception in gst_riff_create_audio_caps
(different than #777262)
gst-plugins-good/avidemux: invalid memory read in
gst-plugins-ugly/asfdemux: invalid memory read in

And more that didn't make it into 1.10.3:
gst-plugins-ugly/asfdemux: out of bounds read in
gst-plugins-bad/mpegdemux: Invalid memory read in gst_ps_demux_parse_psm

(example files are always attached or linked in the bug reports)

I also reported multiple other issues like memory leaks or hangs which
I consider to have no security relevance.

Hanno Böck

GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
